On Fri, Aug 16, 2013 at 10:01:16AM -0400, Peter Todd wrote:
> Doing this also makes it more difficult to sybil the network - for
> instance right now you can create "SPV honeypots" that allow incoming
> connections only from SPV nodes, thus attracting a disproportionate % of
> the total SPV population given a relatively small number of nodes. You
> can then use that to harm SPV nodes by, for instance, making a % of
> transactions be dropped deterministicly, either by the bloom matching
> code, or when sent. Users unlucky enough to be surrounded by sybil nodes
> will have their transactions mysteriously fail to arrive in their
> wallets, or have their transactions mysteriously never confirm. Given
> how few full nodes there are, it probably won't take very many honeypots
> to pull off this attack, especially if you combine it with a
> simultaneous max connections or bloom io attack to degrade the capacity
> of honest nodes.

Oh, here's an even better way to do the "tx drop" attack: when you drop
a transaction, make a fake one that pays the same scriptPubKeys with the
same amount, and send it to the SPV peer instead. They'll see the
transaction go through and show up in their wallet, but it'll look like
it got stuck and never confirmed. They'll soon wind up with a wallet
full of useless transactions, effectively locking them out of their
money.

Here's another question for you Mike: So does bitcoinj have any
protections against peers flooding you with useless garbage? It'd be
easy to rack up a user's data bill for instance by just creating junk
unconfirmed transactions matching the bloom filter.